Monday, June 29, 2009

There has been a couple of malware attacks that have tried to use the news coverage of the death of Michael Jackson as the lure to get people infected.

The malware is a file called Michael-www.google.com.exe. This file was distributed through a site called photos-google.com, photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.

When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability. The file also shows a fake error message "Picture can not be displayed.".

The virus is detected as Trojan.Win32.Buzus.bjyo by major antiviruses.